veza/docs/SMOKE_TEST_V0903.md

Smoke Test v0.903 — Stabilisation v1.0 & Launch Readiness

Prérequis

• veza-backend-api compilé et démarré
• PostgreSQL avec migrations appliquées jusqu'à 134+
• Extensions PostgreSQL : pg_trgm, fuzzystrmatch
• Redis configuré
• .env complet (DATABASE_URL, JWT_SECRET, HCAPTCHA_SECRET, etc.)
• Utilisateur standard + admin avec tokens JWT
• Données suffisantes : tracks, plays, playlists, users, orders

---

1. Recherche & Recommandations (ST1)

1.1 Recherche phonétique

curl -s "http://localhost:8080/api/v1/search?q=hiphop" \
  -H "Authorization: Bearer {TOKEN}" | jq '.data.results | length'
# Attendu: trouve des résultats pour "hip hop", "hip-hop", "hiphop"

1.2 "Did you mean"

curl -s "http://localhost:8080/api/v1/search?q=electrnoic" \
  -H "Authorization: Bearer {TOKEN}" | jq '.data.did_you_mean'
# Attendu: "electronic"

1.3 Saved searches

curl -s -X POST http://localhost:8080/api/v1/search/saved \
  -H "Authorization: Bearer {TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{"query": "chill beats", "filters": {"genre": "lofi"}}' | jq .
# Attendu: 201, saved search created

curl -s http://localhost:8080/api/v1/search/saved \
  -H "Authorization: Bearer {TOKEN}" | jq .
# Attendu: 200, liste des recherches sauvegardées

1.4 Recommendations

curl -s http://localhost:8080/api/v1/tracks/recommendations \
  -H "Authorization: Bearer {TOKEN}" | jq '.data | length'
# Attendu: >= 10 tracks recommandées (collaborative filtering ou fallback genre/BPM)

1.5 Auto playlists

# Frontend: naviguer vers Library
# Vérifier: section "Made for You" avec "Discover Weekly" (30 tracks) et "Your Top Tracks" (20 tracks)
# Vérifier: badge "Auto" sur ces playlists
# Vérifier: playlists en lecture seule

---

2. Player & Playlists (ST2)

2.1 Smart playlist

curl -s -X POST http://localhost:8080/api/v1/playlists/smart \
  -H "Authorization: Bearer {TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{"name": "Fast Hip Hop", "rules": [{"field":"genre","op":"eq","value":"hip-hop"},{"field":"bpm","op":"gt","value":"120"}], "logic": "AND", "limit": 50}' | jq .
# Attendu: 201, smart playlist created with matching tracks

2.2 Export M3U

curl -s http://localhost:8080/api/v1/playlists/{PLAYLIST_ID}/export?format=m3u \
  -H "Authorization: Bearer {TOKEN}" -o playlist.m3u
head playlist.m3u
# Attendu: #EXTM3U header, entries with #EXTINF and URLs

2.3 Merge playlists

curl -s -X POST http://localhost:8080/api/v1/playlists/merge \
  -H "Authorization: Bearer {TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{"playlist_ids": ["{ID1}", "{ID2}"], "name": "Merged Playlist"}' | jq .
# Attendu: 201, merged playlist with deduplicated tracks

2.4 Duplicate playlist

curl -s -X POST http://localhost:8080/api/v1/playlists/{PLAYLIST_ID}/duplicate \
  -H "Authorization: Bearer {TOKEN}" | jq .
# Attendu: 201, "Copy of {original name}"

---

3. Auth & Sécurité (ST3)

3.1 Sessions actives

curl -s http://localhost:8080/api/v1/auth/sessions \
  -H "Authorization: Bearer {TOKEN}" | jq .
# Attendu: 200, liste des sessions avec device, IP, last_active_at
# Attendu: session courante marquée is_current=true

3.2 Révoquer une session

curl -s -X DELETE http://localhost:8080/api/v1/auth/sessions/{SESSION_ID} \
  -H "Authorization: Bearer {TOKEN}" | jq .
# Attendu: 200, session révoquée
# Vérifier: token de cette session invalide

3.3 Login history

curl -s http://localhost:8080/api/v1/auth/login-history \
  -H "Authorization: Bearer {TOKEN}" | jq '.data | length'
# Attendu: dernières connexions avec IP, device, date, success/failure

3.4 CAPTCHA

# Effectuer 3 tentatives de login échouées
# 4ème tentative: vérifier que le formulaire affiche un CAPTCHA
# Vérifier: login sans CAPTCHA → 400 "CAPTCHA required"

3.5 Password history

# Changer mot de passe vers "NewPassword1!"
# Tenter de rechanger vers l'ancien mot de passe
# Attendu: 400, "Cannot reuse recent passwords"

3.6 Frontend

# Settings → Security → Sessions
# Vérifier: tableau des devices actifs, bouton Revoke
# Settings → Security → Login History
# Vérifier: historique des connexions

---

4. Performance (ST4)

4.1 k6 load test

cd tests/load && k6 run auth-flow.js --vus 100 --duration 5m
# Attendu: p95 < 200ms, error rate < 1%

4.2 Cache Redis

# Effectuer 2 recherches identiques à 1s d'intervalle
# Vérifier: 2ème réponse significativement plus rapide (cache hit)

4.3 Cache headers assets

curl -sI http://localhost:5173/assets/index-*.js | grep cache-control
# Attendu: cache-control: max-age=31536000, immutable

---

5. Documentation v1.0 (ST5)

• docs/API_REFERENCE.md — tous les endpoints documentés
• docs/PRODUCTION_GUIDE.md — guide déploiement production complet
• README.md — mis à jour avec architecture v1.0, quick start, features
• docs/MIGRATION_GUIDE.md — liste migrations complète, procédure upgrade

---

6. E2E Final (REL)

6.1 Smoke tests précédents

# Exécuter les vérifications critiques de chaque version :
# v0.703: GET /live/streams/me/key → 200
# v0.801: curl -sI | grep content-security-policy → present
# v0.802: GET /cloud/files/:id/versions → 200
# v0.803: GET /swagger/index.html → 200
# v0.901: GET /marketplace/wishlist → 200
# v0.902: GET /social/hashtags/trending → 200

6.2 Security headers

curl -sI http://localhost:8080/api/v1/health | grep -iE "csp|hsts|x-frame|x-content"
# Attendu: tous les headers de sécurité présents

6.3 GDPR

# POST /users/me/export → 202 (export démarré)
# DELETE /users/me → 200 (compte supprimé, données anonymisées)

6.4 Lighthouse

# Chrome DevTools → Lighthouse (Mobile)
# Performance: ≥ 85
# Accessibility: ≥ 90
# PWA: ≥ 90
# Best Practices: ≥ 85
# SEO: ≥ 80

---

7. Release

• CHANGELOG.md contient historique complet v0.101 → v1.0
• docs/PROJECT_STATE.md : Version = v1.0, Phase = Released
• docs/FEATURE_STATUS.md : modules v1.0 finalisés
• docs/RETROSPECTIVE_V0903.md créée
• docs/RETROSPECTIVE_V1.md — rétrospective globale
• git tag v0.903 créé
• git tag v1.0 créé